Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-25154 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2022-04-21 | 5.8 MEDIUM | 6.1 MEDIUM |
An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to redirect users to malicious websites. | |||||
CVE-2022-27505 | 1 Citrix | 24 Sd-wan 1000, Sd-wan 1000 Firmware, Sd-wan 110 and 21 more | 2022-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected cross site scripting (XSS) | |||||
CVE-2020-25152 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2022-04-21 | 5.8 MEDIUM | 8.1 HIGH |
A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to hijack web sessions and escalate privileges. | |||||
CVE-2021-40398 | 1 Accusoft | 1 Imagegear | 2022-04-21 | 6.8 MEDIUM | 7.8 HIGH |
An out-of-bounds write vulnerability exists in the parse_raster_data functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2022-1351 | 1 Pimcore | 1 Pimcore | 2022-04-21 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4. | |||||
CVE-2022-23292 | 1 Microsoft | 1 On-premises Data Gateway | 2022-04-21 | 4.3 MEDIUM | 3.1 LOW |
Microsoft Power BI Spoofing Vulnerability. | |||||
CVE-2022-23268 | 1 Microsoft | 2 Windows 11, Windows Server 2022 | 2022-04-21 | 2.1 LOW | 6.5 MEDIUM |
Windows Hyper-V Denial of Service Vulnerability. | |||||
CVE-2022-23259 | 1 Microsoft | 1 Dynamics 365 | 2022-04-21 | 9.0 HIGH | 8.8 HIGH |
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability. | |||||
CVE-2022-23257 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2016 and 1 more | 2022-04-21 | 4.6 MEDIUM | 8.8 HIGH |
Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22008, CVE-2022-22009, CVE-2022-24537. | |||||
CVE-2021-21956 | 1 Cloudlinux | 1 Imunify360 | 2022-04-21 | 9.3 HIGH | 7.8 HIGH |
A PHP unserialize vulnerability exists in the Ai-Bolit functionality of CloudLinux Inc Imunify360 5.10.2. A specially-crafted malformed file can lead to potential arbitrary command execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
CVE-2022-24788 | 1 Vyper Project | 1 Vyper | 2022-04-21 | 7.5 HIGH | 9.8 CRITICAL |
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Versions of Vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
CVE-2021-43154 | 1 Cmsmadesimple | 1 Cms Made Simple | 2022-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php. | |||||
CVE-2022-27814 | 1 Waycrate | 1 Swhkd | 2022-04-21 | 2.1 LOW | 3.3 LOW |
SWHKD 1.1.5 allows arbitrary file-existence tests via the -c option. | |||||
CVE-2020-25156 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2022-04-21 | 9.0 HIGH | 7.2 HIGH |
Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root. | |||||
CVE-2022-27817 | 1 Waycrate | 1 Swhkd | 2022-04-21 | 3.6 LOW | 4.4 MEDIUM |
SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality. | |||||
CVE-2020-25166 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2022-04-21 | 7.5 HIGH | 7.1 HIGH |
An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices. | |||||
CVE-2020-25164 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2022-04-21 | 5.0 MEDIUM | 7.5 HIGH |
A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface. | |||||
CVE-2020-25162 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2022-04-21 | 7.8 HIGH | 7.5 HIGH |
An XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges. | |||||
CVE-2022-24843 | 1 Gin-vue-admin Project | 1 Gin-vue-admin | 2022-04-21 | 5.0 MEDIUM | 7.5 HIGH |
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Gin-vue-admin 2.50 has an arbitrary file read vulnerability due to a lack of parameter validation. This has been resolved in version 2.5.1. There are no known workarounds for this issue. | |||||
CVE-2022-24847 | 1 Osgeo | 1 Geoserver | 2022-04-21 | 6.5 MEDIUM | 7.2 HIGH |
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The GeoServer security mechanism can perform an unchecked JNDI lookup, which in turn can be used to perform class deserialization and result in arbitrary code execution. The same can happen while configuring data stores with data sources located in JNDI, or while setting up the disk quota mechanism. In order to perform any of the above changes, the attacker needs to have obtained admin rights and use either the GeoServer GUI or its REST API. The lookups are going to be restricted in GeoServer 2.21.0, 2.20.4, 1.19.6. Users unable to upgrade should restrict access to `geoserver/web` and `geoserver/rest` via a firewall and ensure that the GeoWebCache is not remotely accessible. |